Lessons Learned: Visualizing Cyber Situation Awareness in a Network Security Domain

This chapter discusses lessons learned while working with cyber situation awareness and network security domain experts to integrate visualizations into their existing workflows. Working closely with network security analysts, we identified a critical set of requirements that a visualization must meet before these domain experts will consider adopting it. We then present two separate examples of visualizations that address these requirements: a flexible web-based application that visualizes network traffic and security data through analyst-driven, correlated charts and graphs, and a set of ensemble-based extensions that visualize network traffic and security alerts using existing and future ensemble visualization algorithms.
